RubyGems - hydra-access-controls - Versions diffs - 10.5.0 → 10.5.1 - Mend

hydra-access-controls 10.5.0 → 10.5.1

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/hydra/policy_aware_access_controls_enforcement.rb +10 -9
data/spec/factories.rb +1 -1
data/spec/services/embargo_service_spec.rb +4 -4
data/spec/services/lease_service_spec.rb +4 -4
data/spec/spec_helper.rb +1 -1
data/spec/unit/ability_spec.rb +25 -25
data/spec/unit/accessible_by_spec.rb +4 -4
data/spec/unit/admin_policy_spec.rb +1 -1
data/spec/unit/permission_spec.rb +1 -1
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ed94a3c77e4473df017f3e8d932af844b5bc4eda
-  data.tar.gz: 14bf723d584d15d01d35882b3be61fa4d2c14fa5
+  metadata.gz: 2ff67011c0dfacf46f43a710b1bf75be300c91f8
+  data.tar.gz: 9894ed9ca3d96943443058a9546b32cdd71c8a8c
 SHA512:
-  metadata.gz: ac4802b6ab1511152cef8d8f9c4c27194eb6e5f90e4439f35130497d17bb72ccd7676be420a1c80ea487b7bda2f60595dee9acec091e80fcf9a911d8dd8fece8
-  data.tar.gz: 0f3830cef55ada92f0d9cb4250e433ac56b331eba178e4cbaea785aa68748cfff57355dc2ded2a60d511255b65abc173332ff4179f971642a0d5c955845d2b59
+  metadata.gz: 41a3c4f41486967062df9adb768a6002eb5762967e70ce225dfa474eb2c293c2b86edea0a0b7cc935e57518bbcc1dd4d7ea2124b2dc514e600e0221ab209a0fb
+  data.tar.gz: c862bc4aa6120634f94370b7d0a0d72c579e4f07de7f135fff793c9ca65024519fbe5462777659ab89c5d91fc0a83955981722aa56284cec9615d82b773614c4

data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED

@@ -1,27 +1,26 @@
 # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
 module Hydra::PolicyAwareAccessControlsEnforcement
-  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access
-  # appends the result of policy_clauses into the :fq
-  # @param solr_parameters the current solr parameters
-  # @param user_parameters the current user-subitted parameters
+  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
+  # Appends the result of policy_clauses into the :fq
+  # @param [Hash] solr_parameters the current solr parameters, to be modified herein!
   def apply_gated_discovery(solr_parameters)
     super
     logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
   end
-  # returns solr query for finding all objects whose policies grant discover access to current_user
+  # @return [String,nil] solr query for finding all objects whose policies grant discover access to current_user
   def policy_clauses
     policy_ids = policies_with_access
     return nil if policy_ids.empty?
     '(' + policy_ids.map {|id| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(isGovernedBy: id)}.join(' OR '.freeze) + ')'
   end
-  # find all the policies that grant discover/read/edit permissions to this user or any of its groups
+  # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
+  # Grant access based on user id & group
   def policies_with_access
     #### TODO -- Memoize this and put it in the session?
     user_access_filters = []
-    # Grant access based on user id & group
     user_access_filters += apply_policy_group_permissions(discovery_permissions)
     user_access_filters += apply_policy_user_permissions(discovery_permissions)
     result = policy_class.search_with_conditions( user_access_filters.join(" OR "), fl: "id", rows: policy_class.count )
@@ -29,8 +28,9 @@ module Hydra::PolicyAwareAccessControlsEnforcement
     result.map {|h| h['id']}
   end
+  # for groups
+  # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
   def apply_policy_group_permissions(permission_types = discovery_permissions)
-      # for groups
       user_access_filters = []
       current_ability.user_groups.each_with_index do |group, i|
         permission_types.each do |type|
@@ -40,8 +40,9 @@ module Hydra::PolicyAwareAccessControlsEnforcement
       user_access_filters
   end
+  # for individual user access
+  # @param [Array{String,#to_sym}] permission_types
   def apply_policy_user_permissions(permission_types = discovery_permissions)
-    # for individual user access
     user = current_ability.current_user
     return [] unless user && user.user_key.present?
     permission_types.map do |type|

data/spec/factories.rb CHANGED

@@ -1,4 +1,4 @@
-FactoryGirl.define do
+FactoryBot.define do
   # Users

data/spec/services/embargo_service_spec.rb CHANGED

@@ -5,19 +5,19 @@ describe Hydra::EmbargoService do
   let(:past_date) { 2.days.ago }
   let!(:work_with_expired_embargo1) do
-    FactoryGirl.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
       work.save(validate:false)
     end
   end
   let!(:work_with_expired_embargo2) do
-    FactoryGirl.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
       work.save(validate:false)
     end
   end
-  let!(:work_with_embargo_in_effect) { FactoryGirl.create(:asset, embargo_release_date: future_date.to_s)}
-  let!(:work_without_embargo) { FactoryGirl.create(:asset)}
+  let!(:work_with_embargo_in_effect) { FactoryBot.create(:asset, embargo_release_date: future_date.to_s)}
+  let!(:work_without_embargo) { FactoryBot.create(:asset)}
   describe "#assets_with_expired_embargoes" do
     it "returns an array of assets with expired embargoes" do

data/spec/services/lease_service_spec.rb CHANGED

@@ -5,19 +5,19 @@ describe Hydra::LeaseService do
   let(:past_date) { 2.days.ago }
   let!(:work_with_expired_lease1) do
-    FactoryGirl.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
       work.save(validate: false)
     end
   end
   let!(:work_with_expired_lease2) do
-    FactoryGirl.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
       work.save(validate: false)
     end
   end
-  let!(:work_with_lease_in_effect) { FactoryGirl.create(:asset, lease_expiration_date: future_date.to_s)}
-  let!(:work_without_lease) { FactoryGirl.create(:asset)}
+  let!(:work_with_lease_in_effect) { FactoryBot.create(:asset, lease_expiration_date: future_date.to_s)}
+  let!(:work_without_lease) { FactoryBot.create(:asset)}
   describe "#assets_with_expired_leases" do
     it "returns an array of assets with expired embargoes" do

data/spec/spec_helper.rb CHANGED

@@ -35,7 +35,7 @@ ActiveSupport::Dependencies.autoload_paths += relative_load_paths
 require 'support/mods_asset'
 require 'support/solr_document'
 require "support/user"
-require "factory_girl"
+require "factory_bot"
 require 'rspec/mocks'
 require 'rspec/its'
 require "factories"

data/spec/unit/ability_spec.rb CHANGED

@@ -31,7 +31,7 @@ describe Ability do
   end
   context "for a signed in user" do
-    let(:user) { FactoryGirl.build(:registered_user) }
+    let(:user) { FactoryBot.build(:registered_user) }
     it { should_not be_able_to(:create, ActiveFedora::Base) }
   end
@@ -42,7 +42,7 @@ describe Ability do
 #   Test coverage for discover permission is in spec/requests/gated_discovery_spec.rb
   describe "Given an asset that has been made publicly discoverable" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "public", access: "discover", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
@@ -58,7 +58,7 @@ describe Ability do
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should     be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -68,8 +68,8 @@ describe Ability do
   end
   describe "Given an asset that has been made publicly available (ie. open access)" do
-    #let(:asset) { FactoryGirl.create(:open_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    #let(:asset) { FactoryBot.create(:open_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
@@ -85,7 +85,7 @@ describe Ability do
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -95,7 +95,7 @@ describe Ability do
   end
   describe "Given an asset with no custom access set" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "joe_creator", access: "edit", type: "person" }]
       asset.save
@@ -110,7 +110,7 @@ describe Ability do
       it { should_not be_able_to(:destroy, asset) }
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should_not be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -118,7 +118,7 @@ describe Ability do
       it { should_not be_able_to(:destroy, asset) }
     end
     context "Then the Creator" do
-      let(:user) { FactoryGirl.build(:joe_creator) }
+      let(:user) { FactoryBot.build(:joe_creator) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
       it { should     be_able_to(:edit, asset) }
@@ -132,14 +132,14 @@ describe Ability do
   end
   describe "Given an asset which registered users have read access to" do
-    # let(:asset) { FactoryGirl.create(:org_read_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    # let(:asset) { FactoryBot.create(:org_read_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
     end
     context "The a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       before do
         allow(user).to receive(:new_record?).and_return(false)
       end
@@ -154,7 +154,7 @@ describe Ability do
   end
   describe "Given an asset with collaborator" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
       asset.save
@@ -162,7 +162,7 @@ describe Ability do
     after { asset.destroy }
     context "Then a collaborator with edit access (user permision)" do
-      let(:user) { FactoryGirl.build(:calvin_collaborator) }
+      let(:user) { FactoryBot.build(:calvin_collaborator) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
@@ -173,7 +173,7 @@ describe Ability do
     end
     context "Then a collaborator with edit access (group permision)" do
-      let(:user) { FactoryGirl.build(:martia_morocco) }
+      let(:user) { FactoryBot.build(:martia_morocco) }
       before do
         allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
       end
@@ -183,14 +183,14 @@ describe Ability do
   end
   describe "Given an asset where dept can read & registered users can discover" do
-    # let(:asset) { FactoryGirl.create(:dept_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    # let(:asset) { FactoryBot.create(:dept_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
       asset.save
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should_not be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
@@ -201,7 +201,7 @@ describe Ability do
     end
     context "Then someone whose role/group has read access" do
-      let(:user) { FactoryGirl.build(:martia_morocco) }
+      let(:user) { FactoryBot.build(:martia_morocco) }
       before do
         allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
       end
@@ -228,7 +228,7 @@ describe Ability do
         end
       end
     end
-    let(:user) { FactoryGirl.build(:staff) }
+    let(:user) { FactoryBot.build(:staff) }
     after do
       Object.send(:remove_const, :MyAbility)
@@ -241,13 +241,13 @@ describe Ability do
   end
   describe "calling ability on two separate objects" do
-    let(:asset1) { FactoryGirl.create(:asset) }
-    let(:asset2) { FactoryGirl.create(:asset) }
+    let(:asset1) { FactoryBot.create(:asset) }
+    let(:asset2) { FactoryBot.create(:asset) }
     before do
       asset1.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset1.save
     end
-    let(:user) { FactoryGirl.build(:calvin_collaborator) } # has access to @asset1, but not @asset2
+    let(:user) { FactoryBot.build(:calvin_collaborator) } # has access to @asset1, but not @asset2
     after do
       asset1.destroy
       asset2.destroy
@@ -261,8 +261,8 @@ describe Ability do
   end
   describe "download permissions" do
-    let(:asset) { FactoryGirl.create(:asset) }
-    let(:user) { FactoryGirl.build(:user) }
+    let(:asset) { FactoryBot.create(:asset) }
+    let(:user) { FactoryBot.build(:user) }
     let(:file) { ActiveFedora::File.new() }
     before { allow(file).to receive(:uri).and_return(uri) }

data/spec/unit/accessible_by_spec.rb CHANGED

@@ -1,11 +1,11 @@
 require 'spec_helper'
 describe "active_fedora/accessible_by" do
-  let(:user) {FactoryGirl.build(:ira_instructor)}
+  let(:user) {FactoryBot.build(:ira_instructor)}
   let(:ability) {Ability.new(user)}
-  let(:private_obj) {FactoryGirl.create(:asset)}
-  let(:public_obj) {FactoryGirl.create(:asset)}
-  let(:editable_obj) {FactoryGirl.create(:asset)}
+  let(:private_obj) {FactoryBot.create(:asset)}
+  let(:public_obj) {FactoryBot.create(:asset)}
+  let(:editable_obj) {FactoryBot.create(:asset)}
   before do
     private_obj.permissions_attributes = [{ name: "joe_creator", access: "edit", type: "person" }]

data/spec/unit/admin_policy_spec.rb CHANGED

@@ -120,7 +120,7 @@ describe Hydra::AdminPolicy do
   # Policy-based Access Controls
   #
   describe "When accessing assets with Policies associated" do
-    let(:user) { FactoryGirl.build(:martia_morocco) }
+    let(:user) { FactoryBot.build(:martia_morocco) }
     before do
       allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])

data/spec/unit/permission_spec.rb CHANGED

@@ -62,7 +62,7 @@ describe Hydra::AccessControls::Permission do
     context 'with a User instance passed as :name argument' do
       let(:permission) { described_class.new(type: 'person', name: user, access: 'read') }
-      let(:user) { FactoryGirl.build(:archivist, email: 'archivist1@example.com') }
+      let(:user) { FactoryBot.build(:archivist, email: 'archivist1@example.com') }
       it "uses string and escape agent when building" do
         expect(permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#archivist1@example.com'

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED

@@ -92,7 +92,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
   let(:current_ability) { Ability.new(user) }
   subject { PolicyMockSearchBuilder.new(current_ability) }
-  let(:user) { FactoryGirl.build(:sara_student) }
+  let(:user) { FactoryBot.build(:sara_student) }
   before do
     @solr_parameters = {}

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 10.5.0
+  version: 10.5.1
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-09 00:00:00.000000000 Z
+date: 2018-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.12
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: Access controls for project hydra